From 600d7f8ccd56a2c5f6e4ffe211b527ed78c92cfb Mon Sep 17 00:00:00 2001
From: ewilly <ewilly@neuf.fr>
Date: Mon, 18 Nov 2019 12:30:42 +0100
Subject: [PATCH] Update

---
 conf/nginx.conf | 132 ++++++++++++++++++++++++------------------------
 scripts/backup  |   2 +-
 scripts/remove  |   2 +-
 scripts/restore |   2 +-
 4 files changed, 69 insertions(+), 69 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 4aa2cc4..598fa6f 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,67 +1,67 @@
-#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
-location __PATH__/ {
-	# Path to source
-	alias __FINALPATH__/;
-	
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+location __PATH__/ {
+	# Path to source
+	alias __FINALPATH__/;
+	
 	# Force usage of https
-	if ($scheme = http) {
-		rewrite ^ https://$server_name$request_uri? permanent;
-	}
-	
-	# Add headers to serve security related headers
-	add_header Strict-Transport-Security "max-age=15768000;";
-	add_header X-Content-Type-Options nosniff;
-	add_header X-Frame-Options "SAMEORIGIN";
-	add_header X-XSS-Protection "1; mode=block";
-	add_header X-Robots-Tag none;
-	add_header X-Download-Options noopen;
-	add_header X-Permitted-Cross-Domain-Policies none;
-	
-	# Set max upload size
-	client_max_body_size 10G;
-	client_body_timeout 30m;
-	proxy_read_timeout 30m;
-	fastcgi_buffers 64 4K;
-	
-	# Disable gzip to avoid the removal of the ETag header
-	gzip off;
-	
-	index index.php;
-	try_files $uri $uri/ index.php;
-	
-	location ~ [^/]\.php(/|$) {
-		include fastcgi_params;
-		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-		fastcgi_pass unix:/var/run/php7.0-fpm-__NAME__.sock;
-		fastcgi_index index.php;
-		fastcgi_param REMOTE_USER $remote_user;
-		fastcgi_param PATH_INFO $fastcgi_path_info;
-		fastcgi_param SCRIPT_FILENAME $request_filename;
-		fastcgi_param HTTPS on;
-		fastcgi_param modHeadersAvailable true;
-		fastcgi_intercept_errors on;
-		fastcgi_read_timeout 30m;
-		fastcgi_send_timeout 30m;
-	}
-	
-	location ^~ __PATH__/(uploads|thumbs){
-                deny all;
-        }
-	
-	location ^~ __PATH__/private {
-		deny all;
-		location ~* __PATH__/private/temp/.*\.zip$ {
-			allow all;
-		}
-	}
-	        
-	location ^~ __PATH__/core {
-		deny all;
-		location ~* __PATH__/core/.*\.js$ {
-			allow all;
-		}
-	}
-	
-	# Include SSOWAT user panel.
-	include conf.d/yunohost_panel.conf.inc;
-}
+	if ($scheme = http) {
+		rewrite ^ https://$server_name$request_uri? permanent;
+	}
+	
+	# Add headers to serve security related headers
+	more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
+	more_set_headers "X-Content-Type-Options: nosniff";
+	more_set_headers "X-XSS-Protection: 1; mode=block";
+	more_set_headers "X-Robots-Tag: none";
+	more_set_headers "X-Download-Options: noopen";
+	more_set_headers "X-Permitted-Cross-Domain-Policies: none";
+	more_set_headers "Referrer-Policy: no-referrer";
+	
+	# Set max upload size
+	client_max_body_size 10G;
+	fastcgi_buffers 64 4K;
+	client_body_timeout 60m;
+	proxy_read_timeout 60m;
+	
+	# Disable gzip to avoid the removal of the ETag header
+	gzip off;
+	
+	index index.php;
+	try_files $uri $uri/ index.php;
+	
+	location ~ [^/]\.php(/|$) {
+		include fastcgi_params;
+		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+		fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
+		fastcgi_index index.php;
+		fastcgi_param REMOTE_USER $remote_user;
+		fastcgi_param PATH_INFO $fastcgi_path_info;
+		fastcgi_param SCRIPT_FILENAME $request_filename;
+		fastcgi_param HTTPS on;
+		fastcgi_param modHeadersAvailable true;
+		fastcgi_intercept_errors on;
+		fastcgi_read_timeout 60m;
+		fastcgi_send_timeout 60m;
+	}
+	
+	location ^~ __PATH__/(uploads|thumbs){
+		deny all;
+		}
+	
+	location ^~ __PATH__/private {
+		deny all;
+		location ~* __PATH__/private/temp/.*\.zip$ {
+			allow all;
+		}
+	}
+	        
+	location ^~ __PATH__/core {
+		deny all;
+		location ~* __PATH__/core/.*\.js$ {
+			allow all;
+		}
+	}
+	
+	# Include SSOWAT user panel.
+	include conf.d/yunohost_panel.conf.inc;
+}
diff --git a/scripts/backup b/scripts/backup
index 5e5c76c..142b445 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -1,6 +1,6 @@
 #!/bin/bash
 # to test the functionnality :
-# yunohost backup create -n "bozon-test" --apps bozon
+# yunohost backup create -n "bozon-test" --ignore-system --apps bozon
 # yunohost backup delete bozon-test
 
 set -eu
diff --git a/scripts/remove b/scripts/remove
index 4c2fbf5..31cc4a3 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -26,7 +26,7 @@ data_path="/home/yunohost.app/$app"
 if [ $(yunohost app list -i -f "$app" | wc -l) -gt 1 ]; then
 	ynh_app_setting_set "$app" backup_core_only 0
 	app_bck=${app//_/-}
-	yunohost backup create --apps "$app" --name "${app_bck}_$(date '+%Y%m%d-%H%M%S')"
+	yunohost backup create --ignore-system --apps "$app" --name "${app_bck}_$(date '+%Y%m%d-%H%M%S')"
 	echo "BoZon fully backuped." >&2
 fi
 
diff --git a/scripts/restore b/scripts/restore
index e11760e..2ea3dec 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -1,6 +1,6 @@
 #!/bin/bash
 # to test the functionnality :
-# yunohost backup create -n "bozon-test" --apps bozon
+# yunohost backup create -n "bozon-test" --ignore-system --apps bozon
 # yunohost app remove bozon
 # yunohost backup restore "bozon-test"